<?php
/**
 * Created by PhpStorm.
 * User: lzq
 * Date: 2018-11-11
 * Time: 13:54
 */

namespace backend\components;

use Yii;
use yii\base\Behavior;
use yii\web\Controller;
use yii\web\ForbiddenHttpException;
use mdm\admin\components\Helper;

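/**
 * Controller behavior that runs a route-based permission check before each action.
 *
 * It subscribes to Controller::EVENT_BEFORE_ACTION, builds the route name
 * "<controller id>/<action id>" and passes it to Helper::checkRoute(). When that
 * call returns a falsy value the request is rejected with a ForbiddenHttpException.
 * One route, "user/request-password-reset", is exempted from the check.
 */
class PermissionBehavior extends Behavior
{
    /**
     * @var array Not read anywhere in this class. It is left in place because it
     *            is public and attaching code may still assign it.
     */
    public $actions = [];

    /**
     * Maps the controller's before-action event to beforeAction().
     *
     * @return array event name => handler method name
     */
    public function events()
    {
        return [
            Controller::EVENT_BEFORE_ACTION => 'beforeAction',
        ];
    }

    /**
     * Authorizes the action that is about to run.
     *
     * Denial is signalled only by the exception; every other path returns true.
     *
     * @param \yii\base\ActionEvent $event
     * @throws ForbiddenHttpException when Helper::checkRoute() rejects the route
     * @return boolean always true when no exception is thrown
     */
    public function beforeAction($event)
    {
        $controller = $event->action->controller->id; // controller ID
        $action = $event->action->id; // action ID

        // Route name that is looked up as the permission, e.g. "user/index".
        $access = $controller . '/' . $action;

        // Exempt the password-reset request from the permission check
        // (presumably because it is used before the user can log in).
        // Compared strictly: this is an authorization decision and should not
        // depend on PHP's loose string comparison rules.
        // NOTE(review): $controller is the controller's own ID, which does not
        // appear to include a module prefix. If this behavior is ever attached
        // where module controllers are dispatched, a "user" controller inside any
        // module would get the same exemption. Confirm, and consider comparing
        // against the action's unique ID instead.
        if ($access === 'user/request-password-reset') {
            return true;
        }

        // A commented-out shortcut that skipped the check for one hard-coded
        // user ID used to sit here. If an unrestricted account is needed, grant
        // it through RBAC assignments rather than an ID comparison in code, so
        // the exception stays auditable and revocable.

        if (!Helper::checkRoute($access)) {
            throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
        }

        return true;
    }
}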